Lack of Two Factor Authentication (TFA) during password reset in IBM API Connect 5.0.0.0-5.0.8.3 Developer Portal

Lack of Two Factor Authentication (TFA) during password reset in IBM API Connect 5.0.0.0-5.0.8.3 Developer Portal

CVE-2018-1638 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

IBM API Connect 5.0.0.0-5.0.8.3 Developer Portal does not enforce Two Factor Authentication (TFA) while resetting a user password but enforces it for all other login scenarios. IBM X-Force ID: 144483.

Learn more about our Cis Benchmark Audit For Apple Ios.